<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:05:58 UTC 2024

-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-44435] Allow x509 authorization to be selectively enabled based on the CA</title>
                <link>https://jira.mongodb.org/browse/SERVER-44435</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;In &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-41069&quot; title=&quot;Ability to disable authorization via x509 extensions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-41069&quot;&gt;&lt;del&gt;SERVER-41069&lt;/del&gt;&lt;/a&gt;, &lt;tt&gt;allowRolesFromX509Certificates&lt;/tt&gt; was added as a switch to enable or disable the use of x509 authorization extensions for the entire mongod/mongos process.&lt;/p&gt;

&lt;p&gt;This is not granular enough for the use case where mongod is running with multiple CAs, some trusted and some untrusted. With a single process-wide switch, enabling the extensions means every CA the server accepts can assign roles through the certificates it issues. An untrusted CA would be allowed to issue client certificates, but authorization for those clients must still be controlled by the MongoDB database user. A trusted CA would be allowed to issue certificates whose x509 authorization extensions are honored.&lt;/p&gt;

&lt;p&gt;Ideally, instead of &lt;tt&gt;allowRolesFromX509Certificates&lt;/tt&gt; being a boolean, there would be a way to pass MongoDB a list of trusted CAs.&lt;/p&gt;</description>
                <environment></environment>
        <key id="990360">SERVER-44435</key>
            <summary>Allow x509 authorization to be selectively enabled based on the CA</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="sara.golemon@mongodb.com">Sara Golemon</assignee>
                                    <reporter username="cory.mintz@mongodb.com">Cory Mintz</reporter>
                        <labels>
                    </labels>
                <created>Tue, 5 Nov 2019 18:57:13 +0000</created>
                <updated>Sun, 29 Oct 2023 22:15:19 +0000</updated>
                            <resolved>Fri, 17 Jan 2020 04:09:02 +0000</resolved>
                                                    <fixVersion>4.2.4</fixVersion>
                    <fixVersion>4.3.3</fixVersion>
                    <fixVersion>3.6.18</fixVersion>
                    <fixVersion>4.0.17</fixVersion>
                                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="2783227" author="xgen-internal-githook" created="Tue, 4 Feb 2020 19:04:10 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;sgolemon&apos;, &apos;name&apos;: &apos;Sara Golemon&apos;, &apos;email&apos;: &apos;sara.golemon@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44435&quot; title=&quot;Allow x509 authorization to be selectively enabled based on the CA&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44435&quot;&gt;&lt;del&gt;SERVER-44435&lt;/del&gt;&lt;/a&gt; Allow selective whitelisting of X509 based role authorizations&lt;/p&gt;

&lt;p&gt;(cherry picked from commit b99fbe5f80f4368e1916e1bfbf3d195276ace5c7)&lt;/p&gt;

&lt;p&gt; create mode 100644 jstests/libs/client_roles.pem&lt;br/&gt;
 create mode 100644 jstests/ssl/tlsCATrusts.js&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/root-and-trusted-ca.pem&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/trusted-client-testdb-roles.pem&lt;br/&gt;
 create mode 100644 src/mongo/db/auth/auth_types.idl&lt;br/&gt;
 create mode 100644 src/mongo/util/net/ssl_parameters.cpp&lt;br/&gt;
 create mode 100644 src/mongo/util/net/ssl_parameters.idl&lt;br/&gt;
Branch: v3.6&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2781883" author="xgen-internal-githook" created="Tue, 4 Feb 2020 02:29:13 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;sgolemon&apos;, &apos;name&apos;: &apos;Sara Golemon&apos;, &apos;email&apos;: &apos;sara.golemon@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44435&quot; title=&quot;Allow x509 authorization to be selectively enabled based on the CA&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44435&quot;&gt;&lt;del&gt;SERVER-44435&lt;/del&gt;&lt;/a&gt; Fix typo in test&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/a347a421837981f55399e19a68ddc0a6127e93c4&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/a347a421837981f55399e19a68ddc0a6127e93c4&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2780631" author="xgen-internal-githook" created="Mon, 3 Feb 2020 17:27:01 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;sgolemon&apos;, &apos;name&apos;: &apos;Sara Golemon&apos;, &apos;email&apos;: &apos;sara.golemon@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44435&quot; title=&quot;Allow x509 authorization to be selectively enabled based on the CA&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44435&quot;&gt;&lt;del&gt;SERVER-44435&lt;/del&gt;&lt;/a&gt; Allow selective whitelisting of X509 based role authorizations&lt;/p&gt;

&lt;p&gt;(cherry picked from commit b99fbe5f80f4368e1916e1bfbf3d195276ace5c7)&lt;/p&gt;

&lt;p&gt; create mode 100644 jstests/ssl/tlsCATrusts.js&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/root-and-trusted-ca.pem&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/trusted-client-testdb-roles.pem&lt;br/&gt;
 create mode 100644 src/mongo/db/auth/auth_types.idl&lt;br/&gt;
 create mode 100644 src/mongo/util/net/ssl_parameters.idl&lt;br/&gt;
Branch: v4.0&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/2de3fecd52943c1e0eb554834dd0422cabf958cd&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/2de3fecd52943c1e0eb554834dd0422cabf958cd&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2767117" author="xgen-internal-githook" created="Tue, 28 Jan 2020 01:06:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;email&apos;: &apos;sara.golemon@mongodb.com&apos;, &apos;username&apos;: &apos;sgolemon&apos;, &apos;name&apos;: &apos;Sara Golemon&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44435&quot; title=&quot;Allow x509 authorization to be selectively enabled based on the CA&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44435&quot;&gt;&lt;del&gt;SERVER-44435&lt;/del&gt;&lt;/a&gt; Allow selective whitelisting of X509 based role authorizations&lt;/p&gt;

&lt;p&gt;(cherry picked from commit b99fbe5f80f4368e1916e1bfbf3d195276ace5c7)&lt;/p&gt;

&lt;p&gt; create mode 100644 jstests/ssl/tlsCATrusts.js&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/root-and-trusted-ca.pem&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/trusted-client-testdb-roles.pem&lt;br/&gt;
Branch: v4.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/80ebbb1e48ee022efefe50d577cddfd6df52e84c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/80ebbb1e48ee022efefe50d577cddfd6df52e84c&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2738106" author="xgen-internal-githook" created="Fri, 17 Jan 2020 03:47:30 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;username&apos;: &apos;sgolemon&apos;, &apos;name&apos;: &apos;Sara Golemon&apos;, &apos;email&apos;: &apos;sara.golemon@mongodb.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-44435&quot; title=&quot;Allow x509 authorization to be selectively enabled based on the CA&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-44435&quot;&gt;&lt;del&gt;SERVER-44435&lt;/del&gt;&lt;/a&gt; Allow selective whitelisting of X509 based role authorizations&lt;/p&gt;

&lt;p&gt; create mode 100644 jstests/ssl/tlsCATrusts.js&lt;br/&gt;
 create mode 100644 jstests/ssl/x509/trusted-client-testdb-roles.pem&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo/commit/b99fbe5f80f4368e1916e1bfbf3d195276ace5c7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo/commit/b99fbe5f80f4368e1916e1bfbf3d195276ace5c7&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10420">
                    <name>Backports</name>
                                            <outwardlinks description="backported by">
                                                        </outwardlinks>
                                                        </issuelinktype>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>5.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_12450" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Backport Requested</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16775"><![CDATA[v4.2]]></customfieldvalue>
    <customfieldvalue key="15640"><![CDATA[v4.0]]></customfieldvalue>
    <customfieldvalue key="15141"><![CDATA[v3.6]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10011" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Backwards Compatibility</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10038"><![CDATA[Fully Compatible]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 14 Jan 2020 01:51:04 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        4 years, 1 week, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_17052" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Downstream Changes Summary</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Cloud because this is a cloud request.&lt;br/&gt;
Docs because this is a new server feature.&lt;br/&gt;
See &lt;a href=&quot;https://docs.google.com/document/d/17k1q2ooy0YTaduyxrBy4x-CQtkdU_6ih3C5aT8SkYRU&quot;&gt;https://docs.google.com/document/d/17k1q2ooy0YTaduyxrBy4x-CQtkdU_6ih3C5aT8SkYRU&lt;/a&gt; for details.</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_17050" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Downstream Team Attention</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16942"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>PM-1493</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>luke.bonanomi@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            4 years, 1 week, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>cory.mintz@mongodb.com</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>sara.golemon@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hw0nyf:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hw1c4f:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="3452">Security 2019-12-16</customfieldvalue>
    <customfieldvalue id="3515">Security 2019-01-27</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_17051" key="com.atlassian.jira.plugin.system.customfieldtypes:multicheckboxes">
                        <customfieldname>Teams Impacted</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="16943"><![CDATA[Cloud]]></customfieldvalue>
    <customfieldvalue key="16944"><![CDATA[Docs]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hw0a7r:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>